The mistake is that the Events tab is chosen when you’re on a forgot password form. It means they are not using any cool framework for development, or at least misusing some framework.
It pays to consider the level of security in the context of what’s being protected. Quite frankly, I could care less if any of many of the web sites I have accounts on were compromised. The password more often protects their interests, not mine. Of course, if the account is at all sensitive with membership information (as is likely the case here), there may be a problem.
Since you’ve sent readers on a wild goose chase by not explaining the problem that we should be discussing, I’ll withhold any further comment. Depending on which can of worms you actually open on us in a later post, I’ll be able to better elucidate in context.
If you know an existing Mensa member’s email address it might be kind of fun to spam them by hitting the ‘Send me my password’ button a couple hundred times …
Well, it’s Mensa which means many, many smart people. Maybe their coders were able to break SHA, MD5 or whatever hash alg they are using… The only question is why they keep it secret?
It’s not a good idea to tell that we don’t have the entered email address in our system; it’s easier and safer to give the same response whether we sent an email or not.
I was in MENSA once. I got tired of hanging out with those people. I was stunned at how many of these supposedly brilliant people either held down the lamest jobs you could imagine (one guy was the nighttime cleanup guy at a dive bar). And those were the ones that could hold down a steady job! Most of them dressed like a bunch of slobs and smelled like they never showered.
Silly people, the real issue is that you don’t put the word Colloquium on a website. I mean, what the heck does that mean… stupid fancy Latin word users!
Never like the password being sent to me. Better to have a reset password link, I think.
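
Three of the comments above point at the same forgot-password design: limit how often mail goes to one address, give the same response whether or not the address is registered, and send a reset link instead of the password. The Python below is an added example, not code from the site under discussion or from any commenter; the class name, the time limits and the in-memory stores are assumptions made for illustration.

```python
import hashlib
import secrets
import time

RESET_TTL = 900      # seconds a reset link stays valid (assumed value)
MIN_INTERVAL = 300   # minimum seconds between mails to one address (assumed value)
GENERIC_REPLY = "If that address is registered, a reset link has been sent."


class ResetService:
    """Hypothetical forgot-password backend with in-memory storage."""

    def __init__(self, known_emails, clock=time.time):
        self.known = {e.lower() for e in known_emails}
        self.clock = clock
        self.tokens = {}     # sha256(token) -> (email, expiry); raw token is never stored
        self.last_sent = {}  # email -> time the last reset mail went out
        self.outbox = []     # stands in for the mailer: (email, token)

    def request_reset(self, email):
        email = email.strip().lower()
        now = self.clock()
        throttled = now - self.last_sent.get(email, float("-inf")) < MIN_INTERVAL
        if email in self.known and not throttled:
            token = secrets.token_urlsafe(32)  # unguessable, unrelated to the password
            digest = hashlib.sha256(token.encode()).hexdigest()
            self.tokens[digest] = (email, now + RESET_TTL)
            self.last_sent[email] = now
            # A real service would queue the mail so response time does not
            # reveal which branch was taken.
            self.outbox.append((email, token))
        # Same reply for registered, unregistered and throttled requests.
        return GENERIC_REPLY

    def redeem(self, token):
        """Return the account email for a valid token, else None. Single use."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.tokens.pop(digest, None)
        if entry is None:
            return None
        email, expiry = entry
        return email if self.clock() <= expiry else None
```

Because only the token's hash is kept, a leaked token table cannot be replayed as working reset links, and the existing password never has to be recoverable by the site.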